Tech Giants: IoT Security Is Terrible, Here's How to Fix It

...

11/23 20:49

Google, T-Mobile, Cisco and several other companies offered a plan this week to help boost the security of baby monitors, Wi-Fi routers, traffic lights, and the millions of other devices that make up Internet of Things (IoT).

The plan, published on Tuesday by the Broadband Internet Technical Advisory Group, argues for a major shift in the way device manufacturers approach security. They should be "restrictive instead of permissive," meaning instead of automatically allowing Internet traffic, in some cases without a password or firewall, IoT devices of the future should be inaccessible to inbound connections by default.

Only after a user configures the device's security options would it be able to send and receive Internet traffic. For connected home devices like thermostats and baby monitors, that setup would have the additional benefit of not relying on the protection of a single firewall located in the home's Wi-Fi router.

The advisory group, formed in 2010, counts several major cellular and cable providers among its members, in addition to device manufacturers and content companies like Disney. Besides arguing for more default security, its report also suggests strong encryption and automated software updates, two measures that security experts have been calling for in the wake of a massive DDoS attack that crippled much of the Internet's infrastructure last month.

The inevitability of software bugs makes it critical for the IoT industry to "design their devices and systems based on the assumption that new bugs and vulnerabilities will be discovered over time," the report suggests.

It's a similar argument to one offered by ARM, the company that makes many of the chips that power IoT devices. The company's CEO Simon Segars expressed concern last month over the lax security of many of the devices its customers build.

"The security is non-existent," he said. "I mean, scarily bad. You can see the Wi-Fi password going by in clear text. Lots of people are building products like that."

With the Moto G4 and Moto G4 Plus arriving in the US on July 12, we now have them both in house for some review action.As a recap, the Moto G4 and Moto G4 Plus are the newest members of Motorola’s highly successful G range.

The core element of virtually every type of federal cloud procurement contract is the service level agreement, upon which billions of dollars of cloud investments are based.However, federal agencies have struggled with incorporating SLAs into cloud contracts that make sense for both the government and vendors.

Three current and former Facebook employees have confirmed to The New York Times that a software tool exists allowing the social network to be censored.Instead, Facebook would allow a third-party to use it in order to monitor and censor the posts of users on a per region basis.